Diffstat (limited to 'src/libpostexecseccomp/libpostexecseccomp.c')
-rw-r--r-- | src/libpostexecseccomp/libpostexecseccomp.c | 12 |
1 files changed, 8 insertions, 4 deletions
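--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -17,19 +17,22 @@
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
-#include "libpostexecseccomp.h"
 #include "../include/seccomp.h"
+#include "../include/rundefs.h"
 #include <fcntl.h>
 #include <linux/filter.h>
 #include <sys/mman.h>
 #include <sys/prctl.h>
 #include <unistd.h>
+#include <stdio.h>
 
 __attribute__((constructor))
 static void load_seccomp(void) {
 int fd = open(RUN_SECCOMP_POSTEXEC, O_RDONLY);
-if (fd == -1)
+if (fd == -1) {
+fprintf(stderr, "Error: cannot open seccomp postexec filter file %s\n", RUN_SECCOMP_POSTEXEC);
 return;
+}
 
 off_t size = lseek(fd, 0, SEEK_END);
 if (size <= 0) {
@@ -40,11 +43,12 @@ static void load_seccomp(void) {
 struct sock_filter *filter = MAP_FAILED;
 if (size != 0)
 filter = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
-
 close(fd);
 
-if (filter == MAP_FAILED)
+if (filter == MAP_FAILED) {
+fprintf(stderr, "Error: cannot map seccomp postexec filter data\n");
 return;
+}
 
 // install filter
 struct sock_fprog prog = {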
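Review bot: Both new error branches in load_seccomp() (the open() failure and the MAP_FAILED check) still `return` after printing, so the program this constructor is loaded into carries on without the post-exec seccomp filter. The message is the only trace of that, and it goes to a stderr the wrapped program may have redirected or closed. If running unfiltered is not intended, fail closed by replacing `return;` with `_exit(1);` in both branches (unistd.h is already included); if it is intended, document it with a comment such as `// best effort: continue without the post-exec filter`. Including the cause would also help triage, e.g. `strerror(errno)` in the open() message, which needs <errno.h> and <string.h>. The function body continues past the end of the second hunk and the body of the `size <= 0` branch falls between the hunks, so how those paths behave is not visible here.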